CVE-2026-3822

Summary

Taipower APP for Andorid developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows an unauthenticated remote attackers to exploit the vulnerability to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets.

Affected Software

VendorProductVersion RangeStatus
TaipowerTaipower APP0 <= 3.4.4affected

Weaknesses

  • CWE-295: CWE-295 Improper certificate validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References